PCI SSC's mission
To enhance payment account data security by driving education and awareness of the PCI SSC security standards (the "PCI standards").
Adopted to help achieve the goal of PCI SSC's mission
Code of Professional Responsibility, to help ensure that information security professionals adhere to the highest standards of ethical and professional conduct.
Adherence to the Code of Professional Responsibility (CPR)
Helps ensure the safe handling of cardholder information and enhance payment card data security. All PCI SSC qualified individuals and PCI SSC qualification candidates must advocate and adhere to the CPR.
Revocation of qualification or other disciplinary action
The penalty for a PCI SSC qualified individual who intentionally or knowingly violates the CPR.
Professional Competence and Due Care includes these functions.
(1) Perform work honorably, responsibly, and legally; (2) act in the best interests of all entities that you provide service or support to while maintaining high standards consistent with PCI standards and guidance; (3) deliver diligent and competent services; (4) render only services for which you are fully competent and qualified; (5) advise entities you provide services to about changes to PCI standards and guidance; (6) participate in learning to maintain skills and expertise; (7) promote best security practices and standards.
CPR - Security & Confidentiality
(1) Respect and safeguard confidential, proprietary, or other sensitive information UNLESS disclosure is required by a legal authority - no use for personal benefit or release to inappropriate parties; (2) take steps to comply with PCI standards to assure that confidential information is securely maintained; (3) immediately notify appropriate authorities and industry personnel should you suspect a compromise or breach in security.
CPR - Integrity
(1) Refrain from conduct that would reflect poorly on the reputation of PCI SSC; (2) report ethical violations to PCI SSC; (3) refrain from activities that may constitute a conflict of interest; (4) perform all duties objectively.
CPR - Compliance with Industry Laws & Standards
(1) Perform duties in accordance with PCI standards; (2) comply with existing laws and regulations, with local laws taking precedence over PCI standards; and (3) cooperate with law enforcement agencies.
CPR - Violation & Enforcement
Depending on severity, disciplinary action can include: (1) a written warning, which could include consequences for a repeat violation; (2) SUSPENSION from all programs; (3) REVOCATION from all programs in which the individual actively participates. There is a procedure that allows for fair and objective review of all allegations of violation of the CPR.
PCIP Qualification Validity
(1) Valid for 3 years; (2) prequalify without undergoing PCIP training; (3) linked to the current PCI DSS version - it is valuable to undergo PCIP training to fully understand updates/changes to the latest version of PCI DSS.
PCI Resources
(1) Website includes a document library with PCI standards, the PCI DSS Quick Reference, the PCI DSS and PA-DSS glossary of terms, information supplements and guidelines, lists of approved assessors, scanners, PA-DSS applications and P2PE solutions, FAQs, PCI for small merchants, training courses and webinars; (2) email questions to the sec standards; (3)